Ultimately, it’s about staying vigilant about cybersecurity on a daily basis. Cybersecurity needs to be kept top of mind.

Adam Contos

Looking ahead, CEOs believe these five areas pose the greatest threat to their organization’s growth: tax, supply chain, reputational risk (including misalignment with customer/public sentiment), climate change and cybersecurity.

Cybersecurity is also among organizations’ top operational priorities over the next three years. Kyle Kappel, a principal who leads KPMG’s Cyber Security Services Network in the U.S., points out that the increase in remote workers who now access enterprise applications from anywhere in the world and from any device has increased the potential pathways for cyberattacks. “To protect themselves, companies need to be moving to a more advanced, zero-trust architecture, which entails bringing together security, networking, end-point identity and data management,” he says.

Top risks

A vast majority of CEOs recognize that information security is a key strategic function that is also a source of competitive advantage. They also view cybersecurity as critical to engendering trust with stakeholders and believe that protecting their partner ecosystem is just as important as building their own company’s cyber defenses.

To protect the data of his company stakeholders, George Sakellaris, President, CEO and Chairman of the Board at Ameresco, a renewable energy and energy savings efficiency solutions provider, has a three-pillar approach to cybersecurity. “We protect our data, our power plants’ data and our customers’ data,” he says. “We also have implemented measures and protocols to make sure that our suppliers do not breach security.” 

While U.S. CEOs recognize the importance of cybersecurity, most of them also acknowledge that their companies have not yet created cyber defenses that are resilient enough. Just 11% of U.S. CEOs consider their organization very well prepared for a cyberattack. “The No. 1 area is recognizing that being prepared is not a one-time event,” Kappel says. “Cybersecurity is a constantly evolving landscape and organizations have to be prepared for a long journey. Companies who make cyber core to their culture, hold their business leaders accountable for security and spend a significant portion of their yearly budget on cyber are going to be better prepared.”

Cyber security

RE/MAX has embraced a proactive approach to cybersecurity. The company regularly attempts to break into its home organization to ensure it will be able to react and respond to real-life attacks. The board and audit committee also have recurring cybersecurity briefings to discuss the testing results of these staged attacks. “Ultimately, it’s about staying vigilant about cybersecurity on a daily basis,” says Contos. “This cyber awareness applies beyond our headquarters; it also applies to our franchisees and agents and the industry [as a whole]. Cybersecurity needs to be kept top of mind.”

In recent months, ransomware attacks have become so prevalent that Kappel refers to them as “the new normal” of corporate America. While 65% of CEOs say they have a plan to address a ransomware attack if faced with one, 70% said an industrywide approach is necessary to properly address ransomware demands.

“While there has been a lack of direction around how companies should be communicating about ransomware attacks, we’re starting to see the shift toward a more open environment where organizations are working with industry peers, including competitors, to share information about cybersecurity incidents,” says Kappel.

With most companies participating in connected, multi-stakeholder ecosystems, a breach at one company can easily cascade across the whole supply chain. Eighty percent of CEOs believe that protecting their partner ecosystem and supply chain is just as important as building their own organization’s cyber defenses. 

“Digital risks, including cyber threat and service disruption from tech failures, are top of mind for CEOs,” says Brian Higgins, Supply Chain & Operations Practice Leader, KPMG U.S. “Supply chain is front and center in terms of better managing risks, and is foundational in building digital resilience over the next three years.”

The supply chain has been under increasing stress over the past 18 months, according to 47% of U.S. CEOs. “COVID-19 has brought about great challenges to the supply chain arena. There is a significant supply-and-demand disequilibrium, further exacerbated by raw material shortages, transportation congestion and delays, labor challenges and a shifting regulatory landscape,” Higgins explains.

“The CEO Outlook study results show that nearly all of the top operational priorities critical to achieving growth objectives over the next three years will lean heavily on the supply chain function. For many companies, this points to a need to further grow their supply chain capabilities and partner with the business to be an engine for growth,” adds Higgins. Fifty-nine percent of CEOs said they will be ensuring their supply chain is resilient in the event of a global lockdown and travel restrictions.

For Scott, Lear’s global supply chain, which extends from Wuhan, China, to Mexico, became the driver for building resilience capabilities. The company produced a step-by-step manual of the best protocols that plant managers could use for every potential pandemic-related scenario. After the company made the manual publicly available, it was downloaded 40,000 times. But the company took it even further to ensure the health and safety of its employers and the strength of its supply chain. In Mexico, for instance, Lear transformed its parking lots and warehouses into vaccination centers and provided more than 55,000 vaccines to not just employees but also to their families, friends and neighbors.

Supply chain

Tax has perhaps never been as top of mind for CEOs as it has been over the last year. “With another round of U.S. tax reform on the horizon, to a monumental global tax deal that will alter the way multinationals and digital services are taxed, to increasing tax controversies and the rising importance of the intersection of tax and ESG, it’s no wonder CEOs ranked tax risk as one of their top threats to growth in this year’s CEO Outlook study,” says Greg Engel, Vice Chair-Tax, KPMG U.S.  

In fact, seventy-seven percent of U.S. CEOs said that the proposed global minimum tax regime is of significant concern to their organization’s growth goals.

“All of this looming change has CEOs and the broader C-suite on the edge of their seats asking, ‘How likely?’ ‘How much?’ and ‘How soon?,’” says Engel. “This uncertainty, after corporate tax and finance departments just acclimated themselves to the major reforms ushered in by the 2017 Tax Cuts and Jobs Act, has created a great sense of unpredictability, leaving many leaders questioning how and when to prepare – but it is technology, once again, that’s the white horse, helping to speed up processes, better manage risk, find new paths to revenue and create some aspect of business stability,” adds Engel.